Allow PrivilegeViewUserAdvanced owners to see all users' user IDs.
This commit is contained in:
parent
c4e03dc189
commit
4bf5673bd0
|
@ -140,7 +140,7 @@ func UserWhatsTheIDGET(md common.MethodData) common.Response {
|
||||||
allowed int
|
allowed int
|
||||||
)
|
)
|
||||||
err := md.DB.QueryRow("SELECT id, allowed FROM users WHERE username = ? LIMIT 1", md.C.Param("username")).Scan(&id, &allowed)
|
err := md.DB.QueryRow("SELECT id, allowed FROM users WHERE username = ? LIMIT 1", md.C.Param("username")).Scan(&id, &allowed)
|
||||||
if err != nil || allowed != 1 {
|
if err != nil || (allowed != 1 && !md.User.Privileges.HasPrivilegeViewUserAdvanced()) {
|
||||||
return common.Response{
|
return common.Response{
|
||||||
Code: 404,
|
Code: 404,
|
||||||
Message: "That user could not be found!",
|
Message: "That user could not be found!",
|
||||||
|
|
Loading…
Reference in New Issue
Block a user